Samba
General Information Samba is a program that will allow Windows computers to access files and printers residing on a Linux (or other Unix-like) system. To Windows clients on the network, a Samba server will appear to be a Windows server/workstation. You can also connect to your Samba server using Linux machines as long as they have SMB client software installed (yum install samba-client). Samba can be as complicated or as simple as you like - basic configuration will be covered on this page. For more advanced setups, please see Samba's web site. Installing Samba As always, use yum first unless you have a compelling reason not to. For most users, the precompiled Samba server provided in the official repositories will be fine. If you need additionally functionality compiled into Samba, or want the latest version for whatever reason, see the Samba website for source code. Otherwise, to install Samba with yum: # yum install samba Use one of the options available on the Managing Services page to enable the server to start on boot and to start the process. /etc/samba/smb.conf The Samba config file is located at /etc/samba/smb.conf. All changes to the configuration of Samba take place in this file. Before attempting to modify the file, it is advised to make a backup: # cp /etc/samba/smb.conf /etc/samba/smb.conf.orig As smb.conf governs all your Samba server settings, and is only read when Samba is started, if you make any changes, be sure to restart the Samba daemon for the new configuration to be read. smb.conf is divided into several configuration sections headed by bracket-enclosed terms. The global configuration settings reside under global. Other than global, there are no obligatory sections, but each share must have its own section headed by share-name. For example, a share simply named "share" would be headed by "share" with configuration options underneath. Lines beginning with # (hash/pound) and ; (semicolon) are comments and are ignored by the Samba program when reading the config file. testparm testparm (all lowercase) is a utility for checking the syntax of your smb.conf. It is advised to run this to make sure your smb.conf is syntatically correct before attempting to start/restart the daemon. If issued without arguments, testparm will check the syntax on the file at the default smb.conf location (/etc/samba/smb.conf). Samba service control To control the Samba daemons (there are two): # service smb restart && service nmb restart To stop Samba: # service smb stop && service nmb stop To start Samba: # service smb start && service nmb start Global configuration To begin changing your Samba configuration, open up /etc/samba/smb.conf with a text editor of your choice. Find the section starting with global Global is used to define paramaters that are not unique to individual shares, such as the name of the workgroup, performance options, and so forth. workgroup = Put the name of the desired Windows workgroup here (such as workgroup = WORKGROUP). Next is the server NetBIOS name. Select a NetBIOS name by which the server will be known to Windows clients. This does not have to be the same as your Linux DNS hostname. For more on NetBIOS naming - including rules for valid NetBIOS names - see here. The rule of thumb: NetBIOS names should not exceed 15 alphanumeric characters. netbios name = You can also specify a descriptor for the server that will be displayed to Windows clients. server string = You may want to set the server string to something descriptive such as the location of the server, purpose, etc, or simply the same as your NetBIOS name. It is common to output the Samba Server version with this field, as follows: server string = Samba Server %v Printers Be sure you can print form the server to the printer before setting this up - the following assumes you have a working CUPS-compatible printer. As a rule, if you have a CUPS-compatible printer, you should be able to share out that printer over SMB using Samba (while still using the standard Linux backends for print management and spooling), and then print to the Samba server using the same method you'd use to print to printers shared from Windows machines. Confirming the printer works locally can help in the event you run into trouble sharing it, so start the process of elimination before you have problems. Open the /etc/samba/smb.conf configuration file as stated above. Find the following lines. load printers = cups options = Start by changing these to: load printers = yes cups options = raw Next find the section a little further down.. printers comment = path = browseable = guest ok = writable = printable = Change the lines to.. printers comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes writable = No printable = yes Now the only thing needed is to restart the smb service and to configure clients to print to the networked printer or printers. File Sharing If you are confident in the physical security of your network and in the security of any wireless you are using, Samba shares without passwords should be fine. Know your security concerns. If in doubt, consult help sources about securing your home LAN and err on the side of caution. All Access Warning: This is not a secure share - information on the shares could be viewed or modified by anyone gaining access to your network. Depending on the security of your LAN, this may not be a concern. From the smb.conf file talked about earlier we need to add a small section to it. Name path = writeable = yes browseable = yes guest ok = yes Change the share name to what you want to see it on the network as (note that you may not name a share global because that is reserved for the actual global configuration section!). Put the local path to the shared directory to after the path=. Save the config file and restart the smb service. Password Security Warning: Still not very secure. The easy way to make Samba a bit more secure than the above is to enable local accounts to login as users for Samba. In this scheme, Samba users are "mapped" to local users, and Samba accesses files on the file system using the actual local accounts on behalf of the Samba users. Open the smb.conf file like stated above. Find the following: security = passdb backend = Change them to be security = user passdb backend = pam This enable the local users to log into the samba server. Similar to the all access section , we need to add a section to the bottom. Name path = writeable = yes browseable = yes guest ok = no Change the Share Name to the name of the share. Insert the path after the path =. Add a user to the system if needed. Restart the smb service. With this configuratin, any local account has access to the share. Password Security with no local shell access With this setup samba users have no local system access. All the files are on the Linux system are managed as a user with no shell access. Open the smb.conf file in a text editor. Find the line with: security = passdb backend = Make it read as.. security = share passdb backend = tdbsam Now find the line.. guest account = Add a user name here (keep it in mind for later) Now go to the bottom and add the section. Name path = writeable = yes browseable = yes guest ok = no valid users = Change the Share Name to the name of the share. Insert the path after the path = and add the user names you want to access that directory after the valid users =. Next, Samba users need to be added to Samba - note that Samba accounts are separate from local accounts, but that local accounts will be "mapped" to the Samba user of the same name. # smbpasswd -a Provide a password when required. will be the login you use to authenticate to the server from other clients. If your Samba user won't be needing access to the local machine, you can set up the local account to have a "faux shell" so that local access for will be impossible: # useradd -s /sbin/nologin This gives the user a faux shell that cannot be used to issue commands to the system.